From 32356b812398c6a0116c70423359c7e57d889217 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?=
Date: Fri, 9 Aug 2024 16:44:29 +0200
Subject: [PATCH] refactor(crypto): use functions instead of macros in groestl512
---
 crypto/groestl.c | 208 +++++++++++++++-------------------------------
 crypto/groestl.h | 6 +-
 2 files changed, 67 insertions(+), 147 deletions(-)
diff --git a/crypto/groestl.c b/crypto/groestl.c
index 5f8ef01513..b9e179efbe 100644
--- a/crypto/groestl.c
+++ b/crypto/groestl.c
@@ -339,153 +339,73 @@ static const sph_u32 T1dn[] = {
 } while (0)
-#define RBTT(d0, d1, a, b0, b1, b2, b3, b4, b5, b6, b7) do { \
- sph_u32 fu2 = T0up[B32_2(a[b2])]; \
- sph_u32 fd2 = T0dn[B32_2(a[b2])]; \
- sph_u32 fu3 = T1up[B32_3(a[b3])]; \
- sph_u32 fd3 = T1dn[B32_3(a[b3])]; \
- sph_u32 fu6 = T0up[B32_2(a[b6])]; \
- sph_u32 fd6 = T0dn[B32_2(a[b6])]; \
- sph_u32 fu7 = T1up[B32_3(a[b7])]; \
- sph_u32 fd7 = T1dn[B32_3(a[b7])]; \
- t[d0] = T0up[B32_0(a[b0])] \
- ^ T1up[B32_1(a[b1])] \
- ^ R32u(fu2, fd2) \
- ^ R32u(fu3, fd3) \
- ^ T0dn[B32_0(a[b4])] \
- ^ T1dn[B32_1(a[b5])] \
- ^ R32d(fu6, fd6) \
- ^ R32d(fu7, fd7); \
- t[d1] = T0dn[B32_0(a[b0])] \
- ^ T1dn[B32_1(a[b1])] \
- ^ R32d(fu2, fd2) \
- ^ R32d(fu3, fd3) \
- ^ T0up[B32_0(a[b4])] \
- ^ T1up[B32_1(a[b5])] \
- ^ R32u(fu6, fd6) \
- ^ R32u(fu7, fd7); \
- } while (0)
+static void RBTT(size_t d0, size_t d1, sph_u32 *a, size_t b0, size_t b1,
+ size_t b2, size_t b3, size_t b4, size_t b5, size_t b6,
+ size_t b7, sph_u32 *t) {
+ sph_u32 fu2 = T0up[B32_2(a[b2])];
+ sph_u32 fd2 = T0dn[B32_2(a[b2])];
+ sph_u32 fu3 = T1up[B32_3(a[b3])];
+ sph_u32 fd3 = T1dn[B32_3(a[b3])];
+ sph_u32 fu6 = T0up[B32_2(a[b6])];
+ sph_u32 fd6 = T0dn[B32_2(a[b6])];
+ sph_u32 fu7 = T1up[B32_3(a[b7])];
+ sph_u32 fd7 = T1dn[B32_3(a[b7])];
+ t[d0] = T0up[B32_0(a[b0])] ^ T1up[B32_1(a[b1])] ^ R32u(fu2, fd2) ^
+ R32u(fu3, fd3) ^ T0dn[B32_0(a[b4])] ^ T1dn[B32_1(a[b5])] ^
+ R32d(fu6, fd6) ^ R32d(fu7, fd7);
+ t[d1] = T0dn[B32_0(a[b0])] ^ T1dn[B32_1(a[b1])] ^ R32d(fu2, fd2) ^
+ R32d(fu3, fd3) ^ T0up[B32_0(a[b4])] ^ T1up[B32_1(a[b5])] ^
+ R32u(fu6, fd6) ^ R32u(fu7, fd7);
+}
-#define ROUND_BIG_P(a, r) do { \
- sph_u32 t[32]; \
- size_t u; \
- a[0x00] ^= PC32up(0x00, r); \
- a[0x01] ^= PC32dn(0x00, r); \
- a[0x02] ^= PC32up(0x10, r); \
- a[0x03] ^= PC32dn(0x10, r); \
- a[0x04] ^= PC32up(0x20, r); \
- a[0x05] ^= PC32dn(0x20, r); \
- a[0x06] ^= PC32up(0x30, r); \
- a[0x07] ^= PC32dn(0x30, r); \
- a[0x08] ^= PC32up(0x40, r); \
- a[0x09] ^= PC32dn(0x40, r); \
- a[0x0A] ^= PC32up(0x50, r); \
- a[0x0B] ^= PC32dn(0x50, r); \
- a[0x0C] ^= PC32up(0x60, r); \
- a[0x0D] ^= PC32dn(0x60, r); \
- a[0x0E] ^= PC32up(0x70, r); \
- a[0x0F] ^= PC32dn(0x70, r); \
- a[0x10] ^= PC32up(0x80, r); \
- a[0x11] ^= PC32dn(0x80, r); \
- a[0x12] ^= PC32up(0x90, r); \
- a[0x13] ^= PC32dn(0x90, r); \
- a[0x14] ^= PC32up(0xA0, r); \
- a[0x15] ^= PC32dn(0xA0, r); \
- a[0x16] ^= PC32up(0xB0, r); \
- a[0x17] ^= PC32dn(0xB0, r); \
- a[0x18] ^= PC32up(0xC0, r); \
- a[0x19] ^= PC32dn(0xC0, r); \
- a[0x1A] ^= PC32up(0xD0, r); \
- a[0x1B] ^= PC32dn(0xD0, r); \
- a[0x1C] ^= PC32up(0xE0, r); \
- a[0x1D] ^= PC32dn(0xE0, r); \
- a[0x1E] ^= PC32up(0xF0, r); \
- a[0x1F] ^= PC32dn(0xF0, r); \
- for (u = 0; u < 32; u += 8) { \
- RBTT(u + 0x00, (u + 0x01) & 0x1F, a, \
- u + 0x00, (u + 0x02) & 0x1F, \
- (u + 0x04) & 0x1F, (u + 0x06) & 0x1F, \
- (u + 0x09) & 0x1F, (u + 0x0B) & 0x1F, \
- (u + 0x0D) & 0x1F, (u + 0x17) & 0x1F); \
- RBTT(u + 0x02, (u + 0x03) & 0x1F, a, \
- u + 0x02, (u + 0x04) & 0x1F, \
- (u + 0x06) & 0x1F, (u + 0x08) & 0x1F, \
- (u + 0x0B) & 0x1F, (u + 0x0D) & 0x1F, \
- (u + 0x0F) & 0x1F, (u + 0x19) & 0x1F); \
- RBTT(u + 0x04, (u + 0x05) & 0x1F, a, \
- u + 0x04, (u + 0x06) & 0x1F, \
- (u + 0x08) & 0x1F, (u + 0x0A) & 0x1F, \
- (u + 0x0D) & 0x1F, (u + 0x0F) & 0x1F, \
- (u + 0x11) & 0x1F, (u + 0x1B) & 0x1F); \
- RBTT(u + 0x06, (u + 0x07) & 0x1F, a, \
- u + 0x06, (u + 0x08) & 0x1F, \
- (u + 0x0A) & 0x1F, (u + 0x0C) & 0x1F, \
- (u + 0x0F) & 0x1F, (u + 0x11) & 0x1F, \
- (u + 0x13) & 0x1F, (u + 0x1D) & 0x1F); \
- } \
- memcpy(a, t, sizeof t); \
- } while (0)
+static void ROUND_BIG_P(sph_u32 *a, int r) {
+ sph_u32 t[32] = {0};
+ for (size_t i = 0; i < 16; i++) {
+ int j = i << 4;
+ a[2 * i] ^= PC32up(j, r);
+ a[2 * i + 1] ^= PC32dn(j, r);
+ }
+ for (size_t u = 0; u < 32; u += 8) {
+ RBTT(u + 0x00, (u + 0x01) & 0x1F, a, u + 0x00, (u + 0x02) & 0x1F,
+ (u + 0x04) & 0x1F, (u + 0x06) & 0x1F, (u + 0x09) & 0x1F,
+ (u + 0x0B) & 0x1F, (u + 0x0D) & 0x1F, (u + 0x17) & 0x1F, t);
+ RBTT(u + 0x02, (u + 0x03) & 0x1F, a, u + 0x02, (u + 0x04) & 0x1F,
+ (u + 0x06) & 0x1F, (u + 0x08) & 0x1F, (u + 0x0B) & 0x1F,
+ (u + 0x0D) & 0x1F, (u + 0x0F) & 0x1F, (u + 0x19) & 0x1F, t);
+ RBTT(u + 0x04, (u + 0x05) & 0x1F, a, u + 0x04, (u + 0x06) & 0x1F,
+ (u + 0x08) & 0x1F, (u + 0x0A) & 0x1F, (u + 0x0D) & 0x1F,
+ (u + 0x0F) & 0x1F, (u + 0x11) & 0x1F, (u + 0x1B) & 0x1F, t);
+ RBTT(u + 0x06, (u + 0x07) & 0x1F, a, u + 0x06, (u + 0x08) & 0x1F,
+ (u + 0x0A) & 0x1F, (u + 0x0C) & 0x1F, (u + 0x0F) & 0x1F,
+ (u + 0x11) & 0x1F, (u + 0x13) & 0x1F, (u + 0x1D) & 0x1F, t);
+ }
+ memcpy(a, t, sizeof(t));
+}
-#define ROUND_BIG_Q(a, r) do { \
- sph_u32 t[32]; \
- size_t u; \
- a[0x00] ^= QC32up(0x00, r); \
- a[0x01] ^= QC32dn(0x00, r); \
- a[0x02] ^= QC32up(0x10, r); \
- a[0x03] ^= QC32dn(0x10, r); \
- a[0x04] ^= QC32up(0x20, r); \
- a[0x05] ^= QC32dn(0x20, r); \
- a[0x06] ^= QC32up(0x30, r); \
- a[0x07] ^= QC32dn(0x30, r); \
- a[0x08] ^= QC32up(0x40, r); \
- a[0x09] ^= QC32dn(0x40, r); \
- a[0x0A] ^= QC32up(0x50, r); \
- a[0x0B] ^= QC32dn(0x50, r); \
- a[0x0C] ^= QC32up(0x60, r); \
- a[0x0D] ^= QC32dn(0x60, r); \
- a[0x0E] ^= QC32up(0x70, r); \
- a[0x0F] ^= QC32dn(0x70, r); \
- a[0x10] ^= QC32up(0x80, r); \
- a[0x11] ^= QC32dn(0x80, r); \
- a[0x12] ^= QC32up(0x90, r); \
- a[0x13] ^= QC32dn(0x90, r); \
- a[0x14] ^= QC32up(0xA0, r); \
- a[0x15] ^= QC32dn(0xA0, r); \
- a[0x16] ^= QC32up(0xB0, r); \
- a[0x17] ^= QC32dn(0xB0, r); \
- a[0x18] ^= QC32up(0xC0, r); \
- a[0x19] ^= QC32dn(0xC0, r); \
- a[0x1A] ^= QC32up(0xD0, r); \
- a[0x1B] ^= QC32dn(0xD0, r); \
- a[0x1C] ^= QC32up(0xE0, r); \
- a[0x1D] ^= QC32dn(0xE0, r); \
- a[0x1E] ^= QC32up(0xF0, r); \
- a[0x1F] ^= QC32dn(0xF0, r); \
- for (u = 0; u < 32; u += 8) { \
- RBTT(u + 0x00, (u + 0x01) & 0x1F, a, \
- (u + 0x02) & 0x1F, (u + 0x06) & 0x1F, \
- (u + 0x0A) & 0x1F, (u + 0x16) & 0x1F, \
- (u + 0x01) & 0x1F, (u + 0x05) & 0x1F, \
- (u + 0x09) & 0x1F, (u + 0x0D) & 0x1F); \
- RBTT(u + 0x02, (u + 0x03) & 0x1F, a, \
- (u + 0x04) & 0x1F, (u + 0x08) & 0x1F, \
- (u + 0x0C) & 0x1F, (u + 0x18) & 0x1F, \
- (u + 0x03) & 0x1F, (u + 0x07) & 0x1F, \
- (u + 0x0B) & 0x1F, (u + 0x0F) & 0x1F); \
- RBTT(u + 0x04, (u + 0x05) & 0x1F, a, \
- (u + 0x06) & 0x1F, (u + 0x0A) & 0x1F, \
- (u + 0x0E) & 0x1F, (u + 0x1A) & 0x1F, \
- (u + 0x05) & 0x1F, (u + 0x09) & 0x1F, \
- (u + 0x0D) & 0x1F, (u + 0x11) & 0x1F); \
- RBTT(u + 0x06, (u + 0x07) & 0x1F, a, \
- (u + 0x08) & 0x1F, (u + 0x0C) & 0x1F, \
- (u + 0x10) & 0x1F, (u + 0x1C) & 0x1F, \
- (u + 0x07) & 0x1F, (u + 0x0B) & 0x1F, \
- (u + 0x0F) & 0x1F, (u + 0x13) & 0x1F); \
- } \
- memcpy(a, t, sizeof t); \
- } while (0)
+static void ROUND_BIG_Q(sph_u32 *a, int r) {
+ sph_u32 t[32] = {0};
+ for (size_t i = 0; i < 16; i++) {
+ int j = i << 4;
+ a[2 * i] ^= QC32up(j, r);
+ a[2 * i + 1] ^= QC32dn(j, r);
+ }
+ for (size_t u = 0; u < 32; u += 8) {
+ RBTT(u + 0x00, (u + 0x01) & 0x1F, a, (u + 0x02) & 0x1F, (u + 0x06) & 0x1F,
+ (u + 0x0A) & 0x1F, (u + 0x16) & 0x1F, (u + 0x01) & 0x1F,
+ (u + 0x05) & 0x1F, (u + 0x09) & 0x1F, (u + 0x0D) & 0x1F, t);
+ RBTT(u + 0x02, (u + 0x03) & 0x1F, a, (u + 0x04) & 0x1F, (u + 0x08) & 0x1F,
+ (u + 0x0C) & 0x1F, (u + 0x18) & 0x1F, (u + 0x03) & 0x1F,
+ (u + 0x07) & 0x1F, (u + 0x0B) & 0x1F, (u + 0x0F) & 0x1F, t);
+ RBTT(u + 0x04, (u + 0x05) & 0x1F, a, (u + 0x06) & 0x1F, (u + 0x0A) & 0x1F,
+ (u + 0x0E) & 0x1F, (u + 0x1A) & 0x1F, (u + 0x05) & 0x1F,
+ (u + 0x09) & 0x1F, (u + 0x0D) & 0x1F, (u + 0x11) & 0x1F, t);
+ RBTT(u + 0x06, (u + 0x07) & 0x1F, a, (u + 0x08) & 0x1F, (u + 0x0C) & 0x1F,
+ (u + 0x10) & 0x1F, (u + 0x1C) & 0x1F, (u + 0x07) & 0x1F,
+ (u + 0x0B) & 0x1F, (u + 0x0F) & 0x1F, (u + 0x13) & 0x1F, t);
+ }
+ memcpy(a, t, sizeof(t));
+}
 #define PERM_BIG_P(a) do { \
diff --git a/crypto/groestl.h b/crypto/groestl.h
index 7dd89d28a8..06de5724e8 100644
--- a/crypto/groestl.h
+++ b/crypto/groestl.h
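Review bot: RBTT only reads through `a` and writes through `t`, so the new signature should say so: `static void RBTT(size_t d0, size_t d1, const sph_u32 *a, size_t b0, size_t b1,` — that makes the source/destination split explicit (ROUND_BIG_P/Q compute the whole new state into `t` and then `memcpy` it back over `a`) and lets the compiler reject an accidental in-place write. In both ROUND_BIG_P and ROUND_BIG_Q, `int j = i << 4;` silently narrows a `size_t`; `int j = (int)(i << 4);` states the intent and stays quiet under -Wconversion (the range is 0..0xF0, matching the literal `PC32up(0x00..0xF0, r)` arguments the removed macros passed). None of the three new functions carries a comment, and now that they are no longer macros their all-caps names do not signal that they are per-round steps invoked by PERM_BIG_P/Q, which sit outside this hunk; a one-liner above each, e.g. `/* One round of the P permutation on the 32-word state a: XOR in the round-r constants, then apply the table-driven byte step from a into t and copy t back. */`, would carry that. Keeping macro-style capitalised names on static functions is a style choice worth a second look.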
@@ -2,7 +2,7 @@ * Trezor adaptation by Yura Pakhuchiy . */ /** * Groestl interface. This code implements Groestl with the recommended - * parameters for SHA-3, with outputs of 224, 256, 384 and 512 bits. + * parameters for SHA-3, with output of 512 bits. * * ==========================(LICENSE BEGIN)============================ * @@ -29,7 +29,7 @@ * * ===========================(LICENSE END)============================= * - * @file sph_groestl.h + * @file groestl.h * @author Thomas Pornin */ @@ -39,7 +39,7 @@ #include /** - * This structure is a context for Groestl-384 and Groestl-512 computations: + * This structure is a context for Groestl-512 computation: * it contains the intermediate values and some data from the last * entered block. Once a Groestl computation has been performed, the * context can be reused for another computation.